From 2399b4e4c2f95cb4fc7b3b13f6523805c6ee857f695a75d4382e1bac9b8c71c0 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Fri, 5 Apr 2024 07:57:21 +0000 Subject: [PATCH 1/4] Accepting request 1165438 from home:alarrosa:branches:network2 Forward a fix for a patch from SLE - Rebase openssh-7.7p1-fips.patch (bsc#1221928) Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by upstream OBS-URL: https://build.opensuse.org/request/show/1165438 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=258 --- openssh-7.7p1-fips.patch | 4 +--- openssh.changes | 7 +++++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 31207b8..08b9d30 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -39,7 +39,7 @@ Index: openssh-9.6p1/cipher.c #ifdef WITH_OPENSSL #ifndef OPENSSL_NO_DES { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, -@@ -110,8 +113,52 @@ static const struct sshcipher ciphers[] +@@ -110,8 +113,50 @@ static const struct sshcipher ciphers[] { NULL, 0, 0, 0, 0, 0, NULL } }; @@ -53,12 +53,10 @@ Index: openssh-9.6p1/cipher.c + { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr }, -+# ifdef OPENSSL_HAVE_EVPGCM + { "aes128-gcm@openssh.com", + 16, 16, 12, 16, 0, EVP_aes_128_gcm }, + { "aes256-gcm@openssh.com", + 16, 32, 12, 16, 0, EVP_aes_256_gcm }, -+# endif /* OPENSSL_HAVE_EVPGCM */ +#else + { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL }, diff --git a/openssh.changes b/openssh.changes index 43b39f7..b13abf6 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Apr 2 13:07:43 UTC 2024 - Martin Sirringhaus + +- Rebase openssh-7.7p1-fips.patch (bsc#1221928) + Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by + upstream + ------------------------------------------------------------------- Tue Apr 2 11:23:05 UTC 2024 - Antonio Larrosa From b0b10ece318b9afd5567fa7fb0802c9439cb7b408100a92679b60f28e6389794 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Fri, 5 Apr 2024 11:08:11 +0000 Subject: [PATCH 2/4] Accepting request 1165549 from home:alarrosa:branches:network2 - Add patch from SLE which was missing in Factory: * Mon Jun 7 20:54:09 UTC 2021 - Hans Petter Jansson - Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which attempts to mitigate instances of secrets lingering in memory after a session exits. (bsc#1213004 bsc#1213008) - Rebase patch: * openssh-6.6p1-privsep-selinux.patch OBS-URL: https://build.opensuse.org/request/show/1165549 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=259 --- openssh-6.6p1-privsep-selinux.patch | 2 +- openssh-mitigate-lingering-secrets.patch | 344 +++++++++++++++++++++++ openssh.changes | 11 + openssh.spec | 1 + 4 files changed, 357 insertions(+), 1 deletion(-) create mode 100644 openssh-mitigate-lingering-secrets.patch diff --git a/openssh-6.6p1-privsep-selinux.patch b/openssh-6.6p1-privsep-selinux.patch index c3b6268..805a0f8 100644 --- a/openssh-6.6p1-privsep-selinux.patch +++ b/openssh-6.6p1-privsep-selinux.patch @@ -114,7 +114,7 @@ Index: openssh-9.3p2/sshd.c if (privsep_chroot) { /* Change our root directory */ @@ -602,6 +606,9 @@ privsep_postauth(struct ssh *ssh, Authct - { + #ifdef DISABLE_FD_PASSING if (1) { +#elif defined(WITH_SELINUX) diff --git a/openssh-mitigate-lingering-secrets.patch b/openssh-mitigate-lingering-secrets.patch new file mode 100644 index 0000000..9422abd --- /dev/null +++ b/openssh-mitigate-lingering-secrets.patch @@ -0,0 +1,344 @@ +Index: openssh-9.3p2/kex.c +=================================================================== +--- openssh-9.3p2.orig/kex.c ++++ openssh-9.3p2/kex.c +@@ -1564,16 +1564,16 @@ enc_destroy(struct sshenc *enc) + return; + + if (enc->key) { +- memset(enc->key, 0, enc->key_len); ++ explicit_bzero(enc->key, enc->key_len); + free(enc->key); + } + + if (enc->iv) { +- memset(enc->iv, 0, enc->iv_len); ++ explicit_bzero(enc->iv, enc->iv_len); + free(enc->iv); + } + +- memset(enc, 0, sizeof(*enc)); ++ explicit_bzero(enc, sizeof(*enc)); + } + + void +@@ -1584,7 +1584,7 @@ newkeys_destroy(struct newkeys *newkeys) + + enc_destroy(&newkeys->enc); + mac_destroy(&newkeys->mac); +- memset(&newkeys->comp, 0, sizeof(newkeys->comp)); ++ explicit_bzero(&newkeys->comp, sizeof(newkeys->comp)); + } + + /* +Index: openssh-9.3p2/mac.c +=================================================================== +--- openssh-9.3p2.orig/mac.c ++++ openssh-9.3p2/mac.c +@@ -284,11 +284,11 @@ mac_destroy(struct sshmac *mac) + return; + + if (mac->key) { +- memset(mac->key, 0, mac->key_len); ++ explicit_bzero(mac->key, mac->key_len); + free(mac->key); + } + +- memset(mac, 0, sizeof(*mac)); ++ explicit_bzero(mac, sizeof(*mac)); + } + + /* XXX copied from ciphers_valid */ +Index: openssh-9.3p2/monitor.c +=================================================================== +--- openssh-9.3p2.orig/monitor.c ++++ openssh-9.3p2/monitor.c +@@ -1789,8 +1789,12 @@ mm_answer_audit_end_command(struct ssh * + void + monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor) + { +- ssh_clear_newkeys(ssh, MODE_IN); +- ssh_clear_newkeys(ssh, MODE_OUT); ++ u_int mode; ++ ++ for (mode = 0; mode < MODE_MAX; mode++) { ++ ssh_clear_curkeys(ssh, mode); /* current keys */ ++ ssh_clear_newkeys(ssh, mode); /* next keys */ ++ } + sshbuf_free(child_state); + child_state = NULL; + } +Index: openssh-9.3p2/packet.c +=================================================================== +--- openssh-9.3p2.orig/packet.c ++++ openssh-9.3p2/packet.c +@@ -655,6 +655,7 @@ ssh_packet_close_internal(struct ssh *ss + ssh->local_ipaddr = NULL; + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; ++ explicit_bzero(ssh->state, sizeof(*ssh->state)); + free(ssh->state); + ssh->state = NULL; + kex_free(ssh->kex); +@@ -783,8 +784,10 @@ compress_buffer(struct ssh *ssh, struct + case Z_OK: + /* Append compressed data to output_buffer. */ + if ((r = sshbuf_put(out, buf, sizeof(buf) - +- ssh->state->compression_out_stream.avail_out)) != 0) ++ ssh->state->compression_out_stream.avail_out)) != 0) { ++ explicit_bzero(buf, sizeof(buf)); + return r; ++ } + break; + case Z_STREAM_ERROR: + default: +@@ -819,8 +822,10 @@ uncompress_buffer(struct ssh *ssh, struc + switch (status) { + case Z_OK: + if ((r = sshbuf_put(out, buf, sizeof(buf) - +- ssh->state->compression_in_stream.avail_out)) != 0) ++ ssh->state->compression_in_stream.avail_out)) != 0) { ++ explicit_bzero(buf, sizeof(buf)); + return r; ++ } + break; + case Z_BUF_ERROR: + /* +@@ -870,6 +875,17 @@ uncompress_buffer(struct ssh *ssh, struc + #endif /* WITH_ZLIB */ + + void ++ssh_clear_curkeys(struct ssh *ssh, int mode) ++{ ++ struct session_state *state = ssh->state; ++ ++ if (state && state->newkeys[mode]) { ++ kex_free_newkeys(state->newkeys[mode]); ++ state->newkeys[mode] = NULL; ++ } ++} ++ ++void + ssh_clear_newkeys(struct ssh *ssh, int mode) + { + if (ssh->kex && ssh->kex->newkeys[mode]) { +@@ -1418,7 +1434,9 @@ ssh_packet_read_seqnr(struct ssh *ssh, u + } + + /* Append it to the buffer. */ +- if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0) ++ r = ssh_packet_process_incoming(ssh, buf, len); ++ explicit_bzero(buf, len); ++ if (r != 0) + goto out; + } + out: +@@ -2375,9 +2393,12 @@ ssh_packet_get_state(struct ssh *ssh, st + (r = sshbuf_put_u32(m, state->p_read.packets)) != 0 || + (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0 || + (r = sshbuf_put_stringb(m, state->input)) != 0 || +- (r = sshbuf_put_stringb(m, state->output)) != 0) ++ (r = sshbuf_put_stringb(m, state->output)) != 0) { ++ sshbuf_obfuscate(m); + return r; ++ } + ++ sshbuf_obfuscate(m); + return 0; + } + +@@ -2496,6 +2517,8 @@ ssh_packet_set_state(struct ssh *ssh, st + size_t ilen, olen; + int r; + ++ sshbuf_unobfuscate(m); ++ + if ((r = kex_from_blob(m, &ssh->kex)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || + (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || +@@ -2509,7 +2532,7 @@ ssh_packet_set_state(struct ssh *ssh, st + (r = sshbuf_get_u64(m, &state->p_read.blocks)) != 0 || + (r = sshbuf_get_u32(m, &state->p_read.packets)) != 0 || + (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0) +- return r; ++ goto out; + /* + * We set the time here so that in post-auth privsep child we + * count from the completion of the authentication. +@@ -2518,10 +2541,10 @@ ssh_packet_set_state(struct ssh *ssh, st + /* XXX ssh_set_newkeys overrides p_read.packets? XXX */ + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0 || + (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0) +- return r; ++ goto out; + + if ((r = ssh_packet_set_postauth(ssh)) != 0) +- return r; ++ goto out; + + sshbuf_reset(state->input); + sshbuf_reset(state->output); +@@ -2529,12 +2552,19 @@ ssh_packet_set_state(struct ssh *ssh, st + (r = sshbuf_get_string_direct(m, &output, &olen)) != 0 || + (r = sshbuf_put(state->input, input, ilen)) != 0 || + (r = sshbuf_put(state->output, output, olen)) != 0) +- return r; ++ goto out; + +- if (sshbuf_len(m)) +- return SSH_ERR_INVALID_FORMAT; ++ if (sshbuf_len(m)) { ++ r = SSH_ERR_INVALID_FORMAT; ++ goto out; ++ } ++ ++ r = 0; ++out: ++ if (r != 0) ++ sshbuf_obfuscate(m); + debug3_f("done"); +- return 0; ++ return r; + } + + /* NEW API */ +Index: openssh-9.3p2/packet.h +=================================================================== +--- openssh-9.3p2.orig/packet.h ++++ openssh-9.3p2/packet.h +@@ -103,6 +103,7 @@ void ssh_packet_close(struct ssh *); + void ssh_packet_set_input_hook(struct ssh *, ssh_packet_hook_fn *, void *); + void ssh_packet_clear_keys(struct ssh *); + void ssh_packet_clear_keys_noaudit(struct ssh *); ++void ssh_clear_curkeys(struct ssh *, int); + void ssh_clear_newkeys(struct ssh *, int); + + int ssh_packet_is_rekeying(struct ssh *); +Index: openssh-9.3p2/sshbuf.c +=================================================================== +--- openssh-9.3p2.orig/sshbuf.c ++++ openssh-9.3p2/sshbuf.c +@@ -309,6 +309,31 @@ sshbuf_mutable_ptr(const struct sshbuf * + return buf->d + buf->off; + } + ++/* Trivially obfuscate the buffer. This is used to make sensitive data ++ * (e.g. keystate) slightly less obvious if found lingering in kernel ++ * memory after being sent from the privsep child to its parent. ++ * ++ * Longer term we should consider using a one-time pad or a stream cipher ++ * here. */ ++void ++sshbuf_obfuscate(struct sshbuf *buf) ++{ ++ size_t i; ++ ++ if (sshbuf_check_sanity(buf) != 0 || buf->readonly || buf->refcount > 1) ++ return; ++ ++ for (i = buf->off; i < buf->size; i++) { ++ buf->d [i] ^= 0xaa; ++ } ++} ++ ++void ++sshbuf_unobfuscate(struct sshbuf *buf) ++{ ++ sshbuf_obfuscate(buf); ++} ++ + int + sshbuf_check_reserve(const struct sshbuf *buf, size_t len) + { +Index: openssh-9.3p2/sshbuf.h +=================================================================== +--- openssh-9.3p2.orig/sshbuf.h ++++ openssh-9.3p2/sshbuf.h +@@ -298,6 +298,9 @@ int sshbuf_write_file(const char *path, + int sshbuf_read(int, struct sshbuf *, size_t, size_t *) + __attribute__((__nonnull__ (2))); + ++void sshbuf_obfuscate(struct sshbuf *buf); ++void sshbuf_unobfuscate(struct sshbuf *buf); ++ + /* Macros for decoding/encoding integers */ + #define PEEK_U64(p) \ + (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ +Index: openssh-9.3p2/sshd.c +=================================================================== +--- openssh-9.3p2.orig/sshd.c ++++ openssh-9.3p2/sshd.c +@@ -272,6 +272,19 @@ static void do_ssh2_kex(struct ssh *); + static char *listener_proctitle; + + /* ++ * Clear some stack space. This is a bit naive, but hopefully helps mitigate ++ * information leaks due to registers and other data having been stored on ++ * the stack. Called after fork() and before exit(). ++ */ ++static void ++clobber_stack(void) ++{ ++ char data [32768]; ++ ++ explicit_bzero(data, 32768); ++} ++ ++/* + * Close all listening sockets + */ + static void +@@ -430,6 +443,8 @@ destroy_sensitive_data(struct ssh *ssh, + sensitive_data.host_certificates[i] = NULL; + } + } ++ ++ clobber_stack(); + } + + /* Demote private to public keys for network child */ +@@ -600,6 +615,8 @@ privsep_preauth(struct ssh *ssh) + static void + privsep_postauth(struct ssh *ssh, Authctxt *authctxt) + { ++ clobber_stack(); ++ + #ifdef DISABLE_FD_PASSING + if (1) { + #else +@@ -2360,6 +2377,7 @@ main(int ac, char **av) + if (use_privsep) { + mm_send_keystate(ssh, pmonitor); + ssh_packet_clear_keys(ssh); ++ clobber_stack(); + exit(0); + } + +@@ -2436,6 +2454,7 @@ main(int ac, char **av) + if (use_privsep) + mm_terminate(); + ++ clobber_stack(); + exit(0); + } + +@@ -2596,8 +2615,10 @@ cleanup_exit(int i) + /* cleanup_exit can be called at the very least from the privsep + wrappers used for auditing. Make sure we don't recurse + indefinitely. */ +- if (in_cleanup) ++ if (in_cleanup) { ++ clobber_stack(); + _exit(i); ++ } + in_cleanup = 1; + if (the_active_state != NULL && the_authctxt != NULL) { + do_cleanup(the_active_state, the_authctxt); +@@ -2623,5 +2644,7 @@ cleanup_exit(int i) + (!use_privsep || mm_is_monitor())) + audit_event(the_active_state, SSH_CONNECTION_ABANDON); + #endif ++ ++ clobber_stack(); + _exit(i); + } diff --git a/openssh.changes b/openssh.changes index b13abf6..b638924 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa + +- Add patch from SLE which was missing in Factory: + * Mon Jun 7 20:54:09 UTC 2021 - Hans Petter Jansson +- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which + attempts to mitigate instances of secrets lingering in memory + after a session exits. (bsc#1213004 bsc#1213008) +- Rebase patch: + * openssh-6.6p1-privsep-selinux.patch + ------------------------------------------------------------------- Tue Apr 2 13:07:43 UTC 2024 - Martin Sirringhaus diff --git a/openssh.spec b/openssh.spec index d55b096..7e87b12 100644 --- a/openssh.spec +++ b/openssh.spec @@ -116,6 +116,7 @@ Patch49: openssh-do-not-send-empty-message.patch Patch50: openssh-openssl-3.patch Patch51: wtmpdb.patch Patch52: logind_set_tty.patch +Patch54: openssh-mitigate-lingering-secrets.patch Patch100: fix-missing-lz.patch Patch102: openssh-7.8p1-role-mls.patch Patch103: openssh-6.6p1-privsep-selinux.patch From 2f5a8dd315aec2b39e80ab8d92517baa5b6e7d21a457cdaa3100ef7296d8b976 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Fri, 5 Apr 2024 11:11:29 +0000 Subject: [PATCH 3/4] Accepting request 1165554 from home:alarrosa:branches:network - Add missing bugzilla/CVE references to the changelog OBS-URL: https://build.opensuse.org/request/show/1165554 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=260 --- openssh.changes | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/openssh.changes b/openssh.changes index b638924..d763c5a 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 5 11:10:18 UTC 2024 - Antonio Larrosa + +- Add missing bugzilla/CVE references to the changelog + ------------------------------------------------------------------- Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa @@ -297,14 +302,14 @@ Wed Sep 27 06:28:57 UTC 2023 - Thorsten Kukuk ------------------------------------------------------------------- Fri Jul 21 02:48:58 UTC 2023 - Simon Lees -- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): +- Update to openssh 9.3p2: Security ======== - Fix CVE-2023-38408 - a condition where specific libaries loaded via + Fix a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following - conditions are met: + conditions are met (bsc#1213504, CVE-2023-38408): * Exploitation requires the presence of specific libraries on the victim system. @@ -1060,7 +1065,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to - gain unintended privilege. + gain unintended privilege (bsc#1190975, CVE-2021-41617). Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). @@ -1259,7 +1264,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker - with access to the agent socket. + with access to the agent socket (bsc#1183137, CVE-2021-28041) = Potentially-incompatible changes * ssh(1), sshd(8): this release changes the first-preference signature @@ -2288,7 +2293,9 @@ Tue Oct 9 11:01:40 UTC 2018 - Tomáš Chvátal * openssh-7.7p1-fips.patch * openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-kdf.patch - * openssh-7.7p1-fips_checks.patch + * openssh-7.7p1-fips_checks.patch . Close the right + filedescriptor to avoid fd leads, and also close fdh in + read_hmac (bsc#1209536). * openssh-7.7p1-seed-prng.patch * openssh-7.7p1-systemd-notify.patch * openssh-7.7p1-gssapi_key_exchange.patch From 2793e0783a00362d6de32168d00c545334adea0ad3e6322c6b03f65f72221900 Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Mon, 8 Apr 2024 11:15:17 +0000 Subject: [PATCH 4/4] Accepting request 1166156 from home:alarrosa:branches:network Add one more bsc/CVE reference OBS-URL: https://build.opensuse.org/request/show/1166156 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=261 --- openssh.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openssh.changes b/openssh.changes index d763c5a..2f4e28b 100644 --- a/openssh.changes +++ b/openssh.changes @@ -50,7 +50,8 @@ Sun Feb 25 18:26:23 UTC 2024 - Hans Petter Jansson protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server - would not be able to detect that messages were deleted. + would not be able to detect that messages were deleted + (bsc#1217950, CVE-2023-48795). * ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied.